Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 223802d6 authored by Menghan Li's avatar Menghan Li Committed by Android (Google) Code Review
Browse files

Merge "Avoid A11y features blocked by IT admin can be allowed to bind at the... 

Merge "Avoid A11y features blocked by IT admin can be allowed to bind at the system level" into udc-dev
parents af5033e8 125d1d9b

services/accessibility/java/com/android/server/accessibility/AccessibilityManagerService.java

+28 −22
Original line number Diff line number Diff line
@@ -2263,6 +2263,15 @@ public class AccessibilityManagerService extends IAccessibilityManager.Stub 
            }

            if (userState.mEnabledServices.contains(componentName)

                    && !mUiAutomationManager.suppressingAccessibilityServicesLocked()) {

                // Skip the enabling service disallowed by device admin policy.

                if (!isAccessibilityTargetAllowed(componentName.getPackageName(),

                        installedService.getResolveInfo().serviceInfo.applicationInfo.uid,

                        userState.mUserId)) {

                    Slog.d(LOG_TAG, "Skipping enabling service disallowed by device admin policy: "

                            + componentName);

                    disableAccessibilityServiceLocked(componentName, userState.mUserId);

                    continue;

                }

                if (service == null) {

                    service = new AccessibilityServiceConnection(userState, mContext, componentName,

                            installedService, sIdCounter++, mMainHandler, mLock, mSecurityPolicy,
@@ -3875,11 +3884,9 @@ public class AccessibilityManagerService extends IAccessibilityManager.Stub 
        }

    }



    @Override

    @RequiresPermission(anyOf = {

            android.Manifest.permission.MANAGE_USERS,

            android.Manifest.permission.QUERY_ADMIN_POLICY})

    public boolean isAccessibilityTargetAllowed(String packageName, int uid, int userId) {

        final long identity = Binder.clearCallingIdentity();

        try {

            final DevicePolicyManager dpm = mContext.getSystemService(DevicePolicyManager.class);

            final List<String> permittedServices = dpm.getPermittedAccessibilityServices(userId);
@@ -3895,12 +3902,11 @@ public class AccessibilityManagerService extends IAccessibilityManager.Stub 
                return !ecmEnabled || mode == AppOpsManager.MODE_ALLOWED;

            }

            return false;

        } finally {

            Binder.restoreCallingIdentity(identity);

        }

    }



    @Override

    @RequiresPermission(anyOf = {

            android.Manifest.permission.MANAGE_USERS,

            android.Manifest.permission.QUERY_ADMIN_POLICY})

    public boolean sendRestrictedDialogIntent(String packageName, int uid, int userId) {

        // The accessibility service is allowed. Don't show the restricted dialog.

        if (isAccessibilityTargetAllowed(packageName, uid, userId)) {

services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java

+20 −19
Original line number Diff line number Diff line
@@ -11779,6 +11779,20 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub { 
        final CallerIdentity caller = getCallerIdentity();

        Preconditions.checkCallAuthorization(canManageUsers(caller) || canQueryAdminPolicy(caller));













        // Move AccessibilityManager out of lock to prevent potential deadlock













        final List<AccessibilityServiceInfo> installedServices;













        long id = mInjector.binderClearCallingIdentity();













        try {













            UserInfo user = getUserInfo(userId);













            if (user.isManagedProfile()) {













                userId = user.profileGroupId;













            }













            installedServices = withAccessibilityManager(userId,













                    AccessibilityManager::getInstalledAccessibilityServiceList);













        } finally {













            mInjector.binderRestoreCallingIdentity(id);













        }



























        synchronized (getLockObject()) {















            List<String> result = null;















            // If we have multiple profiles we return the intersection of the









@@ -11805,16 +11819,6 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub {



























            // If we have a permitted list add all system accessibility services.















            if (result != null) {













                long id = mInjector.binderClearCallingIdentity();













                try {













                    UserInfo user = getUserInfo(userId);













                    if (user.isManagedProfile()) {













                        userId = user.profileGroupId;













                    }













                    final List<AccessibilityServiceInfo> installedServices =













                            withAccessibilityManager(userId,













                                    AccessibilityManager::getInstalledAccessibilityServiceList);



























                if (installedServices != null) {















                    for (AccessibilityServiceInfo service : installedServices) {















                        ServiceInfo serviceInfo = service.getResolveInfo().serviceInfo;









@@ -11824,9 +11828,6 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub {













                        }















                    }















                }













                } finally {













                    mInjector.binderRestoreCallingIdentity(id);













                }















            }





























            return result;